Vulnerability Description
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | datacenter_edition |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Directx | 5.2 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632
- http://secunia.com/advisories/28010Vendor Advisory
- http://www.iss.net/threats/280.html
- http://www.kb.cert.org/vuls/id/804089US Government Resource
- http://www.securityfocus.com/archive/1/485268/100/0/threaded
- http://www.securityfocus.com/bid/26789
- http://www.securitytracker.com/id?1019073
- http://www.us-cert.gov/cas/techalerts/TA07-345A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/4180Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38721
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://www.exploit-db.com/exploits/4866
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632
- http://secunia.com/advisories/28010Vendor Advisory
FAQ
What is CVE-2007-3901?
CVE-2007-3901 is a vulnerability with a CVSS score of 8.5 (HIGH). Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary ...
How severe is CVE-2007-3901?
CVE-2007-3901 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3901?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows Xp, Microsoft Directx.